Hey Jeff, thanks for the patch and writing this up. I think the approach to explicitly deny and then set what is allowed or explicitly allow then deny specifics makes sense. Supporting CIDR notation and ip4 and ip6 both good too.
Waiting for KAFKA-1845 to get committed I think makes sense before reworking this anymore right now, yes. Andrii posted a patch yesterday for it so hopefully in the next ~ week(s). Not sure what other folks think of this approach but whatever that is would be good to have it in prior to reworking for the config def changes. /******************************************* Joe Stein Founder, Principal Consultant Big Data Open Source Security LLC http://www.stealth.ly Twitter: @allthingshadoop <http://www.twitter.com/allthingshadoop> ********************************************/ On Wed, Jan 21, 2015 at 8:47 PM, Jeff Holoman <jholo...@cloudera.com> wrote: > Posted a KIP for IP Filtering: > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-7+-+Security+-+IP+Filtering > > Relevant JIRA: > https://issues.apache.org/jira/browse/KAFKA-1810 > > Appreciate any feedback. > > Thanks > > Jeff >
